CIS4 causes errors with XMPlay and Winlicense - guard32.dll issue

I’m running CIS 4.0.141842.828 as Firewall ONLY without AV and Defense+ enabled on Win7, 32 Bit and have the problem that XMPlay 3.5.1 produces an error when it’s started by double-clicking on an associated .wav file:

“ERROR! This file has been tampered with and MAY BE INFECTED BY A VIRUS!”

This error comes from the executable compressor “Petite” which has been used to compress xmplay.exe. When I close the error dialog, it takes about 10-15s until XMPlay starts playing the .wav file.

Reason for this is in guard32.dll that comes with CIS and is used to implement usermode hooks on some API calls. I guess the uncompressing engine of Petite does not like that (same for many executable protectors btw.)

When you set the compatibility mode to “Windows Vista SP 2” for XMPlay.exe the issue is gone.

Winlicense (or files protected by Winlicense) from Oreans Software does not start at all. The only solution here is to uninstall CIS4 or rename or remove guard32.dll from c:\windows\system32 folder.

My questions:

  1. Will that issue be resolved?
  2. CIS4 Firewall module is still working here without guard32.dll. Is it a bad idea to leave the .dll removed?

The developers are aware of the guard32.dll issue, and are working on it. Next update or the one after would be my guess.

Guard32.dll’s role appears to be wholly or mainly in relation to D+, so you should not be affected much. I’m sorry I cannot be clearer than this - for obviously reasons C. does not disclose the precise roles of each file.

Could you please check through this post here and add any information you have not yet supplied in your post.

Best wishes


Thanks for your reply :slight_smile:

Here’s the missing information:

CPU: Intel Core 2 T7200 @ 2.00GHz, 2000 Mhz

System: Notebook HP Compaq nc6400, 4 GB RAM

OS: Windows 7 Enterprise English, 32Bit Version 6.1 (Build 7600), all MS-Security patches installed

Running security apps: CIS 4.0.141842.828 installed as “Firewall Only”. Defense+ deaktivated perm., Sandbox disabled. No AV solution on the System. Windows Firewall is disabled.

Firewall mode: Custom Policy mode

My account is member of the local Administrators group and I have UAC disabled.


Thanks! This will be very helpful to the devs.

Best wishes


I wonder if you could tell me whether this is resolved in 4.1?

Many thanks